The status of “Right to privacy” under the Constitution has not been settled as yet in India. In fact in M.P. Sharma vs. Satish Chandra 1954, an 8-judge bench of the Supreme Court ruled that it is not a fundamental right and this decision of the Supreme Court has not been overruled by the Supreme Court. Constitutional right to privacy is not a strong right in itself and there are many restrictions for right to privacy e.g.
- It can be restricted by procedure established by law and this procedure would have to be just, fair and reasonable (Maneka Gandhi v. Union of India);
- The right to privacy can be restricted if there is a compelling state interest to be served (Govind v. State of M.P).
Although issue of status of Right to privacy in India is currently being examined by constitutional bench of Supreme Court but it is clear that the right lacks a solid foundation amidst the various threats to privacy arising in contemporary era.
Threats to Privacy in India:
- Increase in cyber security threats and cyber attacks around the world including stealing on confidential financial information.
- Data Collection through government schemes such as Digi Locker, DBT and collection of biometric information by UIDAI under Aadhaar initiative is on the rise. Recent reports of its leakages by Aadhaar user agencies highlight lacunae in cyber security and privacy protection in India.
- Plethora of surveillance activities undertaken by government intelligence activities under Central Monitoring System, NETRA, NATGRID etc. without sufficient safeguards.
- Information available on Social media websites is not adequately safeguarded and used by marketing agencies through web bugs, spyware, adware etc
- An increase in the number of internet users to about 500 million in 2017 in India increases the risk of various online threats to them.
In this context, the need of giving Right to Privacy the status of a fundamental right and framing separate privacy legislation has become a necessity. Justice AP Shah Committee in 2012 had laid down a set of privacy principles for the same:
- Principle of Notice: to notify individual before collecting data.
- Principle of Choice and Consent of users while collecting data from them.
- Principle of Collection Limitation to collect data only limited to purpose identified and through a lawful procedure.
- Principles of Purpose Limitation- to keep the purpose as adequately defined and narrow as possible.
- Principle of Access and Correction: Individuals must have access to data related to them and ability to seek correction if needed.
- Principle of Security: Data controllers must provide “Reasonable Security Standards” regarding safety of data.
- Principle of Accountability: Mechanism of implementing privacy principle e.g. privacy commissioners, auditors etc. must be established.
- Principle of openness: The information related to standards, procedures and policies related to data protection must be openly available.
Along with adherence to these principles a Data Protection authority and an Alternative
Dispute Redressal mechanism in case of conflict between data controllers and individuals must be made an integral part of privacy law to safeguard privacy of citizens against arbitrary use of power and to mitigate threats arising in cyber ecosystem from within and outside the country.